(MS15-013) Vulnerability in Microsoft Office Could Allow Security Feature Bypass (3033857)
Severity: HIGH
CVE Identifier: CVE-2014-6362
Advisory Date: MAR 19, 2015
DESCRIPTION
This security update resolves one publicly disclosed vulnerability in Microsoft Office. The vulnerability could allow security feature bypass if a user opens a specially crafted Microsoft Office file. The security feature bypass by itself does not allow arbitrary code execution. However, an attacker could use this security feature bypass vulnerability in conjunction with another vulnerability, such as a remote code execution vulnerability, to run arbitrary code.
SOLUTION
AFFECTED SOFTWARE AND VERSION
- Microsoft Office 2007 Service Pack 3
- Microsoft Office 2010 Service Pack 2 (32-bit editions)
- Microsoft Office 2010 Service Pack 2 (64-bit editions)
- Microsoft Office 2013 (32-bit editions)
- Microsoft Office 2013 (64-bit editions)
- Microsoft Office 2013 Service Pack 1 (32-bit editions)
- Microsoft Office 2013 Service Pack 1 (64-bit editions)